What is claimed is: 



1. A gateway comprising: 

at least one public network interface connected to a public network; 
at least one private network interface connected to a private network; and 
a control unit linked to the public network interface and the private network 
interface, 

wherein the control unit is configured to set up a virtual private network (VPN) 
tunnel by communicating with a gateway of a second private network connected to the 
public network, if a tunnel setup request is received from a host connected to a first 
private network to set up a tunnel to the second private network, and 

wherein the control unit is configured to create a new network address table in 
order for the first and said second private networks to use different network addresses in 
the VPN tunnel, and translate addresses based on the new network address table and 
forward data packets transmitted from the host connected to the first private network or 
from the second private network, if the first and second private networks have the same 
network address or a network address of one of the first and second private networks is 
included in a network address of the other one of the first and seconds private networks. 

2. The gateway as claimed in claim 1, wherein the control unit comprises: 

a web server configured to provide a tunnel setup request page in order for the 
host connected to the first private network to initiate the tunnel setup request; 
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a private network Domain Name Server (DNS) processor configured to obtain 
an Internet Protocol (IP) address of the gateway of the second private network from a 
Domain Name Server (DNS) connected to said public network with respect to the 
tunnel setup request by the host connected to the first private network; 

a VPN processor configured to operate as a server or a client according to the 
tunnel setup request transferred through the public network interface or the private 
network interface, and create a tunnel to said second private network; and 

a Network Address Table (NAT) / Network Address Port Table (NAPT) 
processor configured to translate a private IP address into an IP address or translating an 
IP address into a private IP address by using a NAPT protocol with respect to data 
packets transmitted between said public network and said private network, and translate 
private IP addresses in the VPN tunnel by using a NAT protocol if the VPN tunnel is set 
up between the first private network and the second private network,. 

3. The gateway as claimed in claim 2, wherein the VPN processor is configured 
to send a tunnel setup request message to the gateway of the second private network if 
the tunnel setup request is transmitted from the host connected to the first private 
network, and send an acknowledgement (ACK) to the gateway of the second private 
network if a response to the tunnel setup request is received from the gateway of the 
second private network. 
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4. The gateway as claimed in claim 3, wherein the tunnel setup request message 
comprises a network address of the second private network and a second network 
address to be used for the network address of the second private network in the VPN 
tunnel. 

5. The gateway as claimed in claim 3, wherein the VPN processor is configured 
to send a response message to the second private network if the tunnel setup request 
message comprising a network address of the second private network and a second 

network address to be used in the VPN tunnel as a network address of the second 

-> 

private network is received, the response message comprising a network address of the 
first private network, the second network address, and a third network address to be 
used in the VPN tunnel as a network address of the second private network. 

6. The gateway as claimed in claim 2, wherein the web server comprises a 
middleware server. 

7. The gateway as claimed in claim 1, wherein the control unit comprises: 

a web server configured to provide a tunnel setup request page in order for a 
host connected to the first private network to request the setup of the tunnel; 

a private network Domain Name Server (DNS) processor configured to obtain 
an Internet Protocol (IP) address of the gateway of the second private network from a 
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Domain Name Server (DNS) connected to the public network with respect to the tunnel 
setup request by the host connected to the first private network; 

a Home-to-Home Tunnelling Initiation Protocol (HTIP) processor configured to 
transmit and receive a tunnel setup request message in accordance with the tunnel setup 
request being transmitted through the public network interface or the private network 
interface, the tunnel setup request message containing a parameter necessary for the 
setup of tunnel between the first and second private networks; 

a Virtual Private Network (VPN) processor configured to operate as a server or a 
client, and perform processing such that the tunnel can be set up between the first and 
second private networks; and 

a Network Address Table (NAT) / Network Address Port Translation (NAPT) 
processor for translating a private IP address into an IP address or translating an IP 
address into a private IP address by using a NAPT protocol with respect to data packets 
transmitted to between the public network and the private network, and translate private 
IP addresses in the VPN tunnel by using a NAT protocol if the VPN tunnel is set up 
between the first private network and the second private network and if address 
translation is required. 

8. The gateway as claimed in claim 7, wherein the HTIP processor is 
configured to send the tunnel setup request message to the gateway of the second 
private network if the tunnel setup request to the second private network is received 
from the host connected to the first private network, and send an acknowledgement 
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(ACK) message to the gateway of the second private network if a response to the tunnel 
setup request is received from the gateway of the second private network. 

9. The gateway as claimed in claim 8, wherein the parameter included in 
the tunnel setup request message to the second private network comprises: 

a VPN protocol to be used in setting up the tunnel; 
a network address of the first private network; and 

second network addresses to be used in the VPN tunnel as a network address of 
the first private network. 

10. The gateway as claimed in claim 8, wherein the HTIP processor is 
configured to send a response message if the tunnel setup request message is received 
from the second private network, , 

the tunnel setup request message comprises a VPN protocol to be used in setting 
up the tunnel, a network address of the second private network, and second network 
addresses to be used in the VPN tunnel as a network address of the second private 
network, and 

the response message comprises a VPN protocol to be used in setting up the 
tunnel, a network address of the first private network, third network addresses to be 
used in the VPN tunnel for a network address of the first private network, a network 
address of the second private network, and the second network addresses. 
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11. The gateway as claimed in claim 8, wherein the HTTP processor is 
configured to set the VPN processor as a VPN server, and send out a READY message, 
notifying the second private network that the setting of the VPN processor is completed, 
if the ACK message is received from the second private network. 

12. The gateway as claimed in claim 11, wherein the HTTP processor is 
configured to set the VPN processor as a VPN client with respect to the VPN server of 
the second private network, and drive the VPN client to set up a VPN tunnel between 
the first private network and the second private network, if the READY message is 
received from the second private network. 

13. The gateway as claimed in claim 8, wherein the HTIP processor is 
configured to analyze the tunnel setup request message or the response message from 
the second private network, and notify the second private network the tunnel request 
message or the response message is inappropriate by sending out a NAK message to the 
second private network. 

14. The gateway as claimed in claim 13, wherein the HTIP processor is 
configured to newly set parameters and parameter values contained in the tunnel setup 
request message or the respond message and re-send the newly-set parameters and 
parameter values to the second private network, if the NAK message is received in 
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response to the tunnel setup request message or the response message being transmitted 
to the second private network. 

15. The gateway as claimed in claim 8, wherein the HTTP processor is 
configured to negotiate in advance parameters comprising a VPN protocol to be used in 
setting up the tunnel, a network address of the first private network, a second network 
address to be used in the VPN tunnel for a network address of the first private network, 
a network address of the second private network, a third network address to be used in 
the VPN tunnel for a network address of the second private network, such that VPN 
tunnels are set up simultaneously in the private network while the network addresses 
used in existing VPN tunnels do not collide with the network addresses of the VPN 
tunnel. 

16. The gateway as claimed in claim 7, wherein the web server is comprises 
a middleware server. 
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